Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 21:50:48 UTC

Phishing Email Blocked

Medium Investigating
ALR-00401 · 2026-07-07T23:48:25Z

Description

Phishing email targeting 'p.thomas@company.co.uk' blocked by DecoyPulse. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID
ALR-00401
Timestamp
2026-07-07T23:48:25Z
Severity
Medium
Status
Investigating
Detection Source
DecoyPulse
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
WS-PC-001
User Account
p.thomas
Source IP
103.19.216.87
Destination IP
10.2.6.166
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1566.001
Reference
attack.mitre.org/techniques/T1566.001

Investigation Timeline

23:48:25 Event ingested by SOC365 Engine
23:48:30 EmilyAI triage started — correlation enrichment
23:48:33 EmilyAI confidence: 92% — escalated to human analyst
23:48:49 Alert assigned to analyst: Marcus Webb
23:51:02 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00013 5h ago Phishing Email Blocked Medium Resolved WS-PC-001
ALR-00421 17h ago Tor Exit Node Connection High Investigating WS-PC-001
ALR-00444 17h ago Insider Threat Indicator Low Open WS-PC-001
ALR-00395 18h ago Credential Stuffing Attempt Low Resolved WS-PC-001
ALR-00264 19h ago Phishing Email Blocked Informational Escalated WS-LAP-010